Your HR and Payroll compliance and policy solution! Comply with federal, state, and international laws, find answers to your most challenging questions, get timely updates with email alerts, and more with our suite of products.

Sept. 16 --The Canadian government's Sept. 13 decision
to end the Parliament's legislative session has at least temporarily blocked
passage of proposed amendments (Bill C-12) to Canada's framework federal privacy law that
would have introduced a limited mandatory data breach notification
requirement.

A new parliamentary session is scheduled to start Oct. 16,
and the rules permit the government to reintroduce bills that failed to
complete the parliamentary process in the previous session. But Sébastien
Gariépy, a spokesman for Industry Minister James Moore, told Bloomberg BNA
Sept. 13 that he could not confirm that the amendments to the Personal
Information Protection and Electronic Documents Act (PIPEDA) would be
reintroduced by the Department of Industry.

If reintroduced, it would
be the third time Parliament has seen the measure.

The legislation was
first introduced in May 2010 (9 PVLR 787, 5/31/10). But it died when
Parliament was dissolved for a federal election.

Delays
Raise Concerns

The national data protection authority, the Office of
the Privacy Commissioner of Canada, never had an opportunity to provide
detailed analysis and comment on Bill C-12, as the legislation never made it
to that point in the parliamentary process, privacy office spokesman Scott
Hutchinson told BNA Sept. 13.

Outgoing Privacy Commissioner Jennifer
Stoddart has been clear that her office's proposals, which were based on a
review of PIPEDA conducted in 2006, are now out of date, Hutchinson said.

“Much has changed as the years have passed, and the Commissioner believes
Canadians need far stronger protections than what is being proposed with
respect to data breaches,” he said. “Our Office would again encourage
parliamentarians to proceed with a second review of PIPEDA. It is our hope
that the government will take these views into account as it plans ahead for
the coming parliamentary session.”

Stoddart, whose term as privacy
commissioner expires in December, continued to stress in her last annual report to the Canadian Parliament on PIPEDA,
published June 6, that the act should be fully reviewed and updated to better
motivate organizations to make privacy a priority (12 PVLR 1217, 7/8/13).

The privacy community and Canadians in general have been pushing for many
years for an updating of PIPEDA, so hopefully the government will give the
proposed amendments even higher priority in the new parliamentary session,
Brian Bowman, a partner with Winnipeg-based Pitblado LLP, told Bloomberg BNA
Sept. 16.

“I and many others in the privacy community are very eager to
see this move forward as soon as possible,” Bowman, chair of the Canadian Bar
Association's National Privacy and Access Law Section, told Bloomberg BNA. “The
stakes are quite high as far as many of these proposed changes are
concerned.”

Technology continues to evolve at a rapid pace, and
amendments are needed to help PIPEDA catch up to the current environment, he
said. The government's challenge is to find an appropriate balance between
ensuring privacy protection for individual Canadians and not imposing excessive
restrictions on the business community, he said.

Prioritizing
Privacy?

Ideally, the government will commit to a time frame to
implement the PIPEDA amendments and will provide opportunities for input from
the legal community and the general public, Bowman said. “They've got a lot of
competing priorities, but this impacts every Canadian,” he said.

It is,
however, difficult to predict how much priority the Canadian government will
put on privacy issues in the upcoming parliamentary session, Kris Klein, a
partner with Ottawa-based law firm nNovation LLP, told Bloomberg BNA Sept.
16.

In addition to the PIPEDA amendments proposed in Bill C-12, the
government needs to complete implementation of its new anti-spam law,
modernize the public sector Privacy Act, and appoint a new federal privacy
commissioner, Klein, also managing director of the Canadian chapter of the
International Association of Privacy Professionals, said.

Limited
Breach Notice

Bill C-12 would have required organizations to report to
the privacy commissioner “material” data breaches, although the bill does not
define the term “material.”

The bill included a risk of harm trigger
that would have required organizations to notify affected individuals only if
they faced significant risk of harm. The bill does not detail how breach
notifications were to be made, indicating that would be specified in
subsequent regulations, and did not provide details of how the privacy agency
would enforce the breach notification requirements.

Privacy groups
warned that Bill C-12's limited requirements would not be sufficient to ensure
that data breaches would not harm consumer confidence in the new digital
economy (11 PVLR 106, 1/16/12).

A private member's bill (C-475) that proposed an alternative breach notification regime was also introduced in the closed parliamentary session. C-475, introduced Feb. 26 by New Democratic Party member Charmaine
Borg, was briefly debated May 23 but was never brought to a vote.

C-475
would have required, “without unreasonable delay,” notification of any breach
involving the loss, disclosure or unauthorized access to personal information
where a reasonable person would see a possible risk of harm.

It also
would have empowered the federal privacy agency to require notification of
potentially affected individuals of any “appreciable” risk of harm and would
have given the agency new order-making powers and a right of action against
private sector organizations that fail to comply with an order.

All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to books@bna.com.

Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)

Notify me when updates are available (No standing order will be created).

This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to research@bna.com.

Put me on standing order

Notify me when new releases are available (no standing order will be created)